91 matches found

CVE
added 2024/09/12 2:0 a.m. | 49 views

CVE-2024-8708

CVE-2024-8708 affects SourceCodester Best House Rental Management System 1.0. The flaw is in categories.php processing that enables cross-site scripting and can be triggered remotely. PT-2024-39188 confirms the affected version and recommends patching the 1.0 release, validating inputs, and restr...

CVSS 6.1 | AI score 4.1 | EPSS 0.0018
Exploits: 0 | References: 4 | Affected Software: 1

RedhatCVE
added 2024/09/03 6:10 a.m. | 22 views

CVE-2023-52887

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: enhanced error handling for tightly received RTS messages in xtp_rx_rts_session_new. This patch enhances error handling in scenarios with RTS (Request to Send) messages arriving closely. It replaces the less informative...

CVSS 3.3 | AI score 6.8 | EPSS 0.00004
Exploits: 0 | References: 4

OSV
added 2024/05/21 4:15 p.m. | 0 views

UBUNTU-CVE-2023-52834

In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue. This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX overflow issue"). The alx and atl1c drivers had RX overflow error which was why a custom allocator was...

CVSS 5.5 | AI score 6.2 | EPSS 0.0001
Exploits: 0 | References: 8

Cvelist
added 2024/04/01 10:0 p.m. | 11 views

CVE-2024-3138 francoisjacquet RosarioSIS Add Portal Note cross site scripting

DISPUTED: A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 4 | AI score 4 | EPSS 0.00165
Exploits: 0 | References: 4

Veracode
added 2024/03/27 10:22 a.m. | 34 views

Denial Of Service (DoS)

XNIO API is vulnerable to Denial of Service (DoS). The vulnerability is caused due to the problematic accumulation of notifier states within the chain. When this chain grows to be excessively large, it can lead to a StackOverflowException, overwhelming the stack and potentially causing Denial of...

CVSS 7.5 | AI score 7 | EPSS 0.00474
Exploits: 0 | References: 11 | Affected Software: 1

Prion
added 2024/03/07 10:15 p.m. | 21 views

Design/Logic Flaw

A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic. This issue affects some unknown processing of the file /shop.php. The manipulation of the argument productprice leads to business logic errors. The attack may be initiated remotely. The exploit ha...

CVSS 4 | AI score 7.2 | EPSS 0.00149
Exploits: 0 | References: 3

Prion
added 2024/01/08 9:15 a.m. | 17 views

Information disclosure

A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may b...

CVSS 5 | AI score 6.7 | EPSS 0.93119
Exploits: 2 | References: 3 | Affected Software: 1

Tenable Nessus
added 2023/11/13 12:0 a.m. | 23 views

Slackware Linux 15.0 / current tigervnc Multiple Vulnerabilities (SSA:2023-317-01)

The version of tigervnc installed on the remote host is prior to 1.12.0 / 1.13.1. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-317-01 advisory. - A vulnerability classified as critical was found in X.org Server. Affected by this vulnerability is the functio...

CVSS 8.8 | AI score 6.2 | EPSS 0.01237
Exploits: 0 | References: 14

Tenable Nessus
added 2023/10/20 12:0 a.m. | 33 views

Ubuntu 20.04 ESM : LibBPF vulnerabilities (USN-5759-2)

The remote Ubuntu 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5759-2 advisory. USN-5759-1 fixed vulnerabilities in LibBPF. This update provides the corresponding updates for Ubuntu 20.04 ESM. Tenable has extracted the preceding...

CVSS 8 | AI score 6.8 | EPSS 0.0003
Exploits: 0 | References: 3

OSV
added 2023/09/29 11:15 a.m. | 13 views

CVE-2023-5257

A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the...

CVSS 5.7 | AI score 7
Exploits: 0 | References: 3

Vulnrichment
added 2023/09/29 10:31 a.m. | 11 views

CVE-2023-5257 WhiteHSBG JNDIExploit HTTPServer.java handleFileRequest path traversal

A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the...

CVSS 3.5 | AI score 6.8 | EPSS 0.00032
Exploits: 1 | References: 3

Prion
added 2023/07/10 4:15 p.m. | 17 views

Cross site scripting

A vulnerability has been found in Beeliked Microsite Plugin up to 1.0.1 on WordPress and classified as problematic. Affected by this vulnerability is the function embedhandler of the file beelikedmicrosite.php. The manipulation leads to cross site scripting. The attack can be launched remotely...

CVSS 5.8 | AI score 6.5 | EPSS 0.00073
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2023/03/16 12:0 a.m. | 110 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : FFmpeg vulnerabilities (USN-5958-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5958-1 advisory. It was discovered that FFmpeg could be made to dereference a null pointer. An attacker could possibly use this to cau...

CVSS 8.1 | AI score 6.6 | EPSS 0.00189
Exploits: 0 | References: 5

Tenable Nessus
added 2023/03/06 12:0 a.m. | 64 views

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-5920-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5920-1 advisory. It was discovered that the Upper Level Protocol (ULP) subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain...

CVSS 8.8 | AI score 7.5 | EPSS 0.00142
Exploits: 2 | References: 10

Github Security Blog
added 2023/02/19 6:30 p.m. | 40 views

java-xmlbuilder vulnerable to XML External Entity Reference

A vulnerability was found in java-xmlbuilder up to 1.1. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to xml external entity reference. Upgrading to version 1.2 is able to address this issue. The name of the patch is...

CVSS 9.8 | AI score 8.9 | EPSS 0.00046
Exploits: 1 | References: 8 | Affected Software: 1

Prion
added 2023/02/10 3:15 p.m. | 15 views

Information disclosure

A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The...

CVSS 5.1 | AI score 9.5 | EPSS 0.00422
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2022/12/28 9:15 p.m. | 7 views

CVE-2022-4819

A vulnerability was found in HotCRP. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is d4ffdb0ef806453c54ddca7fdda3e5c60356285c. It is recommended to...

CVSS 6.1 | EPSS 0.00311
Exploits: 0 | References: 3

Vulnrichment
added 2022/12/27 8:10 a.m. | 4 views

CVE-2018-25049 email-existence index.js redos

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular expression complexity. The name of the patch is 0029ba71b6ad0d8ec0baa2ecc6256d038bdd9b56. It is...

CVSS 3 | AI score 7.5 | EPSS 0.00442
Exploits: 0 | References: 4

Tenable Nessus
added 2022/12/22 12:0 a.m. | 22 views

Fedora 35 : xorg-x11-server (2022-9100b7aafd)

The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-9100b7aafd advisory. Security fix for CVE-2022-3550, CVE-2022-3551. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

CVSS 8.8 | AI score 6.3 | EPSS 0.0063
Exploits: 0 | References: 3

OSV
added 2022/12/18 3:15 p.m. | 6 views

CVE-2020-36617

A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftpparsepath of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name...

CVSS 9.8 | AI score 6.8
Exploits: 0 | References: 2